|
need help please
|
|
mymaxxy
Junior Member
|
23. September 2006 @ 17:12 |
|
mymaxxy, you're running HijackThis from a temporary folder. Please go to Add/Remove Programs and uninstall HijackThis. Then, download the zip file again to the desktop. Create a folder in C: named HjT. Extract the HijackThis.exe to the created folder. Run a new scan and save a new log. I don't see that you have Myzor so please make a new thread pertaining to your problems to avoid confusion.
Sorry to sound stupid, but can you please tell me how to do the above? How do I get to download to desktop? Pulling my hair out here with frustration.
thanks
|
Senior Member
|
23. September 2006 @ 17:25 |
|
Sorry.
HijackThis <--click the link and download it to the desktop.
lol, that one isn't working. Just click any HijackThis name with the blue hyperlink.
This message has been edited since posting. Last time this message was edited on 23. September 2006 @ 17:27
|
mymaxxy
Junior Member
|
23. September 2006 @ 17:31 |
|
hope done right lol
Logfile of HijackThis v1.99.1
Scan saved at 11:30:31 AM, on 9/24/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE APPLICATIONS\RESIDENCE.EXE
C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE MENU\SONYTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS_V1.99.1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.westnet.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Westnet Internet Services
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZNxdm414YYAU
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20040...all/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/set...er/imloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmycloset.co.uk/FAddressBook.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/...l_v1-0-3-48.cab
|
Senior Member
|
23. September 2006 @ 17:57 |
|
Yes, thank you.
Go here and download the trial version of Ewido.
Install and update.
Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu).
Open Ewido and click Scanner.
Run a Complete system scan.
When it finishes, set all items to quarantine and click "Apply all actions."
Then click "Save Report" (save to desktop, you will need it).
Close Ewido.
Restart in normal mode.
Run a scan only with HijackThis, check the box beside each of these.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZNxdm414YYAU
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
Close all windows except HijackThis and click Fix checked.
Reopen HijackThis.
Click on Open the Misc Tools section.
Click on Open uninstall manager.
Press the Save list button. It will open a Notepad file.
Save the list to the desktop.
Run a new scan with HijackThis and save a new log.
Post the HijackThis log, HijackThis uninstall list and the Ewido report.
|
mymaxxy
Junior Member
|
23. September 2006 @ 18:06 |
|
I only have Windows 98 so it won't let me download that program.
|
Senior Member
|
23. September 2006 @ 18:41 |
|
That's ok, sorry about that. I saw you had 98 but I forgot. Just continue with the rest of the instructions.
|
mymaxxy
Junior Member
|
23. September 2006 @ 19:08 |
|
Logfile of HijackThis v1.99.1
Scan saved at 1:07:44 PM, on 9/24/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE APPLICATIONS\RESIDENCE.EXE
C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE MENU\SONYTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS_V1.99.1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.westnet.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Westnet Internet Services
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20040...all/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/set...er/imloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmycloset.co.uk/FAddressBook.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/...l_v1-0-3-48.cab
|
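The comparison the helper makes by eye between the two HijackThis logs posted above, as an added Python example that is not part of the original thread and not HijackThis's own logic: it parses the entry lines, flags the kinds of entries the helper asked to have fixed (components registered with `(no file)`, R0/R1 settings with an empty value, and O8/O16 entries pointing at the two toolbar hosts in the fix list), and checks that none of them survive in the second log. The function names and `WATCHED_HOSTS` are assumptions made for this example; the log lines are excerpts copied from the posts.

```python
import re

# Excerpt of the first log posted in the thread (before "Fix checked").
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZNxdm414YYAU
O16 - DPF: {4855C21B-E452-4661-A702-ED3493CE74DF} - http://sp.ask.com/docs/toolbar/download/askbar-inst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
"""

# Excerpt of the second log posted in the thread (after "Fix checked").
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)

# Assumption for this example: hosts taken from the helper's fix list.
WATCHED_HOSTS = ("mywebsearch.com", "sp.ask.com")


def parse_entries(log_text):
    """Return [(section, detail), ...] for every entry line in a log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reason_for(section, detail):
    """Return why an entry deserves review, or None if no rule matches."""
    if detail.endswith("(no file)"):
        return "registered component has no file on disk"
    if section in ("R0", "R1") and detail.endswith("="):
        return "IE setting present but empty"
    if section in ("O8", "O16"):
        match = URL_HOST_RE.search(detail)
        if match:
            host = match.group(1).lower()
            for watched in WATCHED_HOSTS:
                if host == watched or host.endswith("." + watched):
                    return "references watched host " + host
    return None


def review(before_text, after_text):
    """Compare two logs.

    Returns (flagged, remaining, removed_unflagged):
      flagged           - entries in the first log that matched a rule
      remaining         - flagged entries still present in the second log
      removed_unflagged - entries that vanished without matching any rule
                          (worth a second look: was something benign removed?)
    """
    before = parse_entries(before_text)
    after = set(parse_entries(after_text))
    flagged = []
    for section, detail in before:
        reason = reason_for(section, detail)
        if reason:
            flagged.append((section, detail, reason))
    remaining = [(s, d) for s, d, _ in flagged if (s, d) in after]
    removed_unflagged = [
        e for e in before if e not in after and reason_for(*e) is None
    ]
    return flagged, remaining, removed_unflagged


if __name__ == "__main__":
    flagged, remaining, removed_unflagged = review(BEFORE_LOG, AFTER_LOG)
    for section, detail, reason in flagged:
        print(f"[{section}] {reason}: {detail}")
    print("still present after fix:", remaining)
    print("removed without a matching rule:", removed_unflagged)
```

A clean HijackThis diff only covers the registry and startup locations the tool enumerates, which is why the thread continues with on-demand scanners afterwards.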
mymaxxy
Junior Member
|
23. September 2006 @ 19:12 |
|
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe SVG Viewer 3.0
Alcatel SpeedTouch USB Software
Art Explosion Greeting Card Factory
Art Explosion Scrapbook Factory Deluxe
CCleaner (remove only)
CleanUp!
Delete Windows 98 Second Edition uninstall information
Hallmark Card Studio 2 Standard
HijackThis 1.99.1
Hoyle Mahjong Tiles
HP Photo and Imaging 1.0 - PSC 2000 Series
hp psc 2100 series
ICatch (VI) PC Camera
IncrediMail Xe
Internet Explorer Q916281
Macromedia Flash Player
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Digital Image Pro 7.0
Microsoft Office 97, Professional Edition
Microsoft Outlook Express 6
Microsoft VGX Q833989
Microsoft Windows 98 Starts Here
Microsoft Windows Critical Update Notification
Microsoft XML Parser and SDK
MSN Messenger 7.0
Nero - Burning ROM
Outlook Express Q837009
Pattern Maker Viewer - v4
Picasa 2
Picture Package
QuickTime
SiS 650
SiS Audio Driver
Sony USB Driver
Trend Micro PC-cillin Internet Security 2005
Uninstall Windows 98 Second Edition
USB FLASH DRIVE 2.0
USB MassStorage CardReader
Windows 98 KB891711 Update
Windows 98 KB896358 Update
Windows 98 KB908519 Update
Windows 98 KB918547 Update
Windows 98 Q823559 Update
Windows 98 Q888113 Update
Windows Media Player system update (9 Series)
WinZip
WinZip Self-Extractor
|
Senior Member
|
23. September 2006 @ 19:20 |
|
Ok, good. Your log is clean. What problems are you having, if any?
Go here and run ActiveScan. When it finishes, save the results and post them here.
|
mymaxxy
Junior Member
|
23. September 2006 @ 20:07 |
|
Real-time Scan
Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified.
Infected file: C:\WINDOWS\DOWNLOADED PROGRAM FILES\HBINSTIE.DLL
Virus name: ADW_HOTBAR.Q
User name: Kylie H
Scan action result: Denied Access.
This keeps coming up. I have been unable to find it and delete it.
|
mymaxxy
Junior Member
|
23. September 2006 @ 20:27 |
|
Incident Status Location
Adware:Adware/Block-checker Not disinfected C:\WINDOWS\SYSTEM\navshext1.dll
Adware:adware/block-checker Not disinfected C:\WINDOWS\SYSTEM\ustart.exe
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_98.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_14.exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\BEJEWELEDSETUP-DM[1].EXE
Adware:Adware/Trymedia
|
Senior Member
|
23. September 2006 @ 21:39 |
|
Go here and download Spybot Search and Destroy. When installing click Check for update immediately.
After installing Spybot will open, click Search for Updates.
After update click Scan for problems.
When it finishes, click Fix Problems.
The log will go here: C:\Windows\Application Data\Spybot - Search & Destroy\Logs
Its name will be Checks.yymmdd-hhmm or Fixes.yymmdd-hhmm; if you have both, just post the Fixes.
|
mymaxxy
Junior Member
|
23. September 2006 @ 21:40 |
|
Incident Status Location
Adware:adware/block-checker Not disinfected c:\windows\system\ustart.exe
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Adware:adware/msxmidi Not disinfected c:\windows\msxmidi.exe
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall6_98.exe
Adware:adware/ncase Not disinfected c:\program files\180Search Assistant
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Adware:Adware/Block-checker Not disinfected C:\WINDOWS\SYSTEM\navshext1.dll
Spyware:Cookie/Serving-sys Not disinfected C:\WINDOWS\Cookies\kylie h@serving-sys[1].txt
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_14.exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\BEJEWELEDSETUP-DM[1].EXE
Adware:Adware/Trymedia Not disinfected C:\Downloads\YAHTZEE_SETUP-DM[1].EXE
2nd scan
|
mymaxxy
Junior Member
|
23. September 2006 @ 22:12 |
|
--- Report generated: 2006-03-12 23:50 ---
FunWebProducts: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
FunWebProducts: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
FunWebProducts: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
FunWebProducts: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
FunWebProducts: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
FunWebProducts: Settings (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D}
FunWebProducts: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistoryKillerScheduler
FunWebProducts: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistoryKillerScheduler.1
FunWebProducts: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7}
FunWebProducts: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistorySwatterControlBar
FunWebProducts: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HistorySwatterControlBar.1
FunWebProducts: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835}
FunWebProducts: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.IECookiesManager
FunWebProducts: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.IECookiesManager.1
FunWebProducts: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
FunWebProducts: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.KillerObjManager
FunWebProducts: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.KillerObjManager.1
FunWebProducts: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B813095C-81C0-4E40-AA14-67520372B987}
FunWebProducts: Program directory (Directory, fixed)
C:\Program Files\FunWebProducts\
FunWebProducts: Settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\Fun Web Products
eAcceleration: Library (File, fixed)
C:\WINDOWS\SYSTEM\sporder.dll
Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}
Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}
Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}
Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}
Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}
Hotbar: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}
Hotbar: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36}
Hotbar: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\HbTools
Hotbar: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
Hotbar: IE toolbar (Registry value, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
Hotbar: Program directory (Directory, fixed)
C:\WINDOWS\Application Data\HbTools\v3.0\
Hotbar: Program directory (Directory, fixed)
C:\Program Files\HbTools\
Hotbar: Program directory (Directory, fixed)
C:\Program Files\HbTools\bin\
Hotbar: Program directory (Directory, fixed)
C:\Program Files\HbTools_Icons\
Hotbar: Program directory (Directory, fixed)
C:\Program Files\ShopperReports\
Hotbar: Program directory (Directory, fixed)
C:\Program Files\ShopperReports\Bin\
Hotbar: Program directory (Directory, fixed)
C:\Program Files\ShopperReports\Bin\1.0.8.0\
Hotbar: Data (File, fixed)
C:\WINDOWS\Downloaded Program Files\HbTools.inf
MyWay.MyWebSearch: Browser helper object (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\MyWebSearch
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{07B18EA3-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC}
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA}
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17}
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
MyWay.MyWebSearch: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.OutlookAddin
MyWay.MyWebSearch: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearch.OutlookAddin.1
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC}
MyWay.MyWebSearch: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.SettingsPlugin
MyWay.MyWebSearch: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\MyWebSearchToolBar.SettingsPlugin.1
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\ScreenSaverControl.ScreenSaverInstaller
MyWay.MyWebSearch: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\ScreenSaverControl.ScreenSaverInstaller.1
MyWay.MyWebSearch: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF}
MyWay.MyWebSearch: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554}
MyWay.MyWebSearch: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
MyWay.MyWebSearch: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14}
MyWay.MyWebSearch: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D}
MyWay.MyWebSearch: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{F42228FB-E84E-479E-B922-FBBD096E792C}
MyWay.MyWebSearch: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\FocusInteractive
MyWay.MyWebSearch: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
MyWay.MyWebSearch: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin
MyWay.MyWebSearch: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin
MyWay.MyWebSearch: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
MyWay.MyWebSearch: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\MyWebSearch
MyWay.MyWebSearch: Program directory (Directory, fixing failed)
C:\Program Files\MyWebSearch\
MyWay.MyWebSearch: Link (File, fixed)
C:\WINDOWS\Start Menu\Programs\StartUp\MyWebSearch Email Plugin.lnk
MyWay.MyWebSearch: Program file (File, fixed)
C:\WINDOWS\SYSTEM\Popular Screensavers.scr
MyWay.MyWebSearch: Browser helper object (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWay.MyWebSearch: Library (File, fixed)
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
MyWay.MyWebSearch: Library (File, fixed)
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
NewDotNet: Executable (File, nothing done)
C:\WINDOWS\NDNuninstall6_38.exe
NewDotNet: Executable (File, fixed)
C:\WINDOWS\NDNuninstall6_90.exe
NewDotNet: <$WINSOCK> (Winsock, fixed)
NewDotNet: Program directory (Directory, fixing failed)
C:\Program Files\NewDotNet\
NewDotNet: User settings (Registry key, fixed)
HKEY_USERS\.DEFAULT\Software\new.net
Alexa Related: Link (Replace file, fixed)
C:\WINDOWS\Web\RELATED.HTM
FunWeb: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu
FunWeb: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu.2
FunWeb: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
FunWeb: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.HTMLMenu.1
FunWeb: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
FunWeb: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterBarButton
FunWeb: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterBarButton.1
FunWeb: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14}
FunWeb: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterSettingsControl
FunWeb: Root class (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\FunWebProducts.PopSwatterSettingsControl.1
FunWeb: Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
FunWeb: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
FunWeb: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
FunWeb: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Fun Web Products
FunWeb: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\FunWebProducts
FunWeb: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts
webHancer: <$WINSOCK> (Winsock, fixed)
webHancer: System file (File, fixed)
C:\WINDOWS\webhdll.dll
webHancer: Program directory (Directory, fixing failed)
C:\Program Files\webHancer\
MyWebSearch: Class ID (Registry key, fixed)
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
MyWebSearch: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
MyWebSearch: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA}
MyWebSearch: Type library (Registry key, fixed)
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C}
MyWebSearch: Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\sources\f3PopularScreensavers
Hotbar: Interface (IHbStats) (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}
Hotbar: Interface (IHbMapiAddrBook) (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}
Avenue A, Inc.: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)
FastClick: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)
HitBox: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)
HitBox: Tracking cookie (Internet Explorer: Kylie H) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2006-03-12 unins000.exe (51.41.0.0)
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 SDHELPER.DLL (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-03-10 Includes\Cookies.sbi (*)
2006-03-10 Includes\Dialer.sbi (*)
2006-03-10 Includes\Hijackers.sbi (*)
2006-03-10 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2006-03-10 Includes\Malware.sbi (*)
2006-03-10 Includes\PUPS.sbi (*)
2006-03-10 Includes\Revision.sbi (*)
2006-03-10 Includes\Security.sbi (*)
2006-03-10 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-03-10 Includes\Trojans.sbi (*)
|
Senior Member
|
23. September 2006 @ 22:19 |
|
Just seen the Spybot log. Edited all these directions until I can review the log.
Ok, more infection than I thought.
Find these folders and delete them.
C:\Program Files\MyWebSearch\
C:\Program Files\180Search Assistant
Go here and download KillBox.
Note: you may want to print these instructions or copy to Notepad, you will be in safe mode and can't access the internet.
Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from the menu and press Enter).
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time. Then click the red X button after you enter each file.
You will be prompted to confirm, click Yes.
Note: KillBox may prompt "File does not seem to exist". If so, continue with next file. Please do not miss any.
C:\WINDOWS\SYSTEM\navshext1.dll
C:\WINDOWS\SYSTEM\ustart.exe
c:\windows\msxmidi.exe
C:\WINDOWS\NDNuninstall6_98.exe
C:\WINDOWS\NDNuninstall7_14.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\HBINSTIE.DLL
C:\Downloads\BEJEWELEDSETUP-DM[1].EXE ONLY if you didn't download.
C:\Downloads\YAHTZEE_SETUP-DM[1].EXE ONLY if you didn't download.
Go here and download CCleaner. Install and run both the cleaner and the issues fix (when prompted to back up the registry, click Yes). I recommend you keep CCleaner because it is a great Windows cleaning tool.
And lastly, run ActiveScan again. Hopefully it will come out clean, but if not, post the results.
Post a new HijackThis log even if ActiveScan doesn't find anything.
This message has been edited since posting. Last time this message was edited on 23. September 2006 @ 22:35
|
mymaxxy
Junior Member
|
24. September 2006 @ 01:25 |
|
Logfile of HijackThis v1.99.1
Scan saved at 7:25:37 PM, on 9/24/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE MENU\SONYTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS_V1.99.1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.westnet.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Westnet Internet Services
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20040...all/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/set...er/imloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmycloset.co.uk/FAddressBook.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/...l_v1-0-3-48.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
|
mymaxxy
Junior Member
|
24. September 2006 @ 01:43 |
|
Incident Status Location
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Adware:Adware/Block-checker Not disinfected C:\!KillBox\navshext1.dll
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall6_98.exe
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall7_14.exe
Adware:Adware/Trymedia Not disinfected C:\!KillBox\BEJEWELEDSETUP-DM[1].EXE
Adware:Adware/Trymedia
|
Senior Member
|
24. September 2006 @ 01:46 |
|
Edit: was typing while you posted the ActiveScan results.
This message has been edited since posting. Last time this message was edited on 24. September 2006 @ 01:50
|
mymaxxy
Junior Member
|
24. September 2006 @ 01:48 |
|
this is active scan
Incident Status Location
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Adware:Adware/Block-checker Not disinfected C:\!KillBox\navshext1.dll
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall6_98.exe
Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall7_14.exe
Adware:Adware/Trymedia Not disinfected C:\!KillBox\BEJEWELEDSETUP-DM[1].EXE
Adware:Adware/Trymedia
|
Senior Member
|
24. September 2006 @ 01:56 |
|
Yeah, there was a pause between posting them. I was editing my post after I saw it.
Delete the KillBox backups and log folder located here: C:\!KillBox.
Look here c:\windows\downloaded program files for f3initialsetup1.0.0.15.inf; when found, delete it. If access is denied, open KillBox (normal mode is fine), paste this c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf and click the red X. Tell me if you or KillBox was able to delete it.
Click Start > Run > type regedit and press enter. Click File > Export and save it.
Expand HKEY_CLASSES_ROOT. Find CLSID and expand it. Find {9AFB8248-617F-460d-9366-D71CDEDA3179} and delete it.
Click Start > Search. Search all files and folders in C:\ for "trymedia" without the "". If the folder is found, delete it.
You're clean after that.
Edit: missed the inf file.
This message has been edited since posting. Last time this message was edited on 24. September 2006 @ 02:01
|
mymaxxy
Junior Member
|
24. September 2006 @ 01:57 |
|
Real-time Scan
Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified.
Infected file: C:\!KILLBOX\HBINSTIE.DLL
Virus name: ADW_HOTBAR.Q
User name: Kylie H
Scan action result: Denied Access.
|
mymaxxy
Junior Member
|
24. September 2006 @ 02:02 |
|
Real-time Scan
Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified.
Infected file: C:\RECYCLED\DC2.DLL
Virus name: ADW_HOTBAR.Q
User name: Kylie H
Scan action result: Denied Access.
|
Senior Member
|
24. September 2006 @ 02:08 |
|
If you followed my last post's directions you are clean now.
Empty the recycle bin and restart. Any more problems you have let me know.
|
mymaxxy
Junior Member
|
24. September 2006 @ 02:12 |
|
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf was deleted in killbox
unable to find this one
Expand HKEY_CLASSES_ROOT. Find CLSID and expand it. Find {9AFB8248-617F-460d-9366-D71CDEDA3179} and delete it.
|
mymaxxy
Junior Member
|
24. September 2006 @ 02:18 |
|
Logfile of HijackThis v1.99.1
Scan saved at 8:17:25 PM, on 9/24/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCGUIDE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SONY CORPORATION\PICTURE PACKAGE\PICTURE PACKAGE MENU\SONYTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCTLCOM.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\INTERNET SECURITY 2005\TMPROXY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS_V1.99.1.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.westnet.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.westnet.com.au
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer - Westnet Internet Services
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [ccleaner] "C:\PROGRAM FILES\CCLEANER\CCLEANER.exe" /AUTO
O4 - HKCU\..\RunServices: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.westnet.com.au
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20040...all/xscan53.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/set...er/imloader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {4029B52D-5935-46B6-94F2-AB702CBE6646} (CAddressBook Object) - http://www.fillmycloset.co.uk/FAddressBook.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/...l_v1-0-3-48.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab